Seems to be related to Apache mod_security. There is a username or maybe even a user bio entry that is triggering mod_security rules in your server with Pattern match “\\bselect\\b.{0,40}\\buser\\b” meaning that there is a string somewhere with the words SELECT and USER close to each other. Those are seen as sql command by the mod_security rules.